• get system status: Displays versions of firmware and FortiGuard engines, and other system information.
• get system performance status ( Run for 5 times): Displays CPU and memory states, average network usage, average sessions, and session setup rate, the virus caught, IPS attacks blocked, and uptime
• diag sys top 2 50 (Run for 30 Sec and CTRL C to stop), or just use it 'di sys top 2 50 30' (command will automatically stop after 30 seconds) to show top processes information. You can use the 'di sys top' command from the FortiOS CLI to list the processes running on the FortiGate. The command also displays information about each process.
• di sys top-all: Show top threads information.
• diagnose hardware sys conserve: Diagnose command to aid in conserver mode issues, introduced in v5.6.
• diagnose hardware sysinfo memory: Display system memory information.
• diagnose hardware sysinfo slab: Display memory allocation information.
• diagnose hardware sys shm : Display shared memory
  
• diagnose sys top-sockmem : Display processes with the most used socket memory.
• diagnose sys top-mem 20 :Display processes with the most used memory (default 5 processes).
• diagnose sys top-fd : Display processes with the most active file descriptors (default 5 processes).
• diagnose sys print-conserve-info : Print all conserve related info.
• diagnose ips memory status
  
• diagnose ips session status
• diagnose debug enable : Enable debug output
• diagnose wad memory track : Track cmem alloc
• diagnose wad stats : Statistics
  
• diagnose test application wad 1000 : List all WAD processes
• diagnose debug disable : Disable debug output
  
• get hardware memory: Displays the memory stats.
• diagnose autoupdate versions : Update object versions.
• diagnose sys session full-stat : Its going to display the session stat(i.e ESTABLISHED state ,SYN_SENT state etc).
• diagnose debug crashlog read : To get the Crash log info.

Example:

• Assuming a case where the Slab memory is suspect of high memory usage:

diagnose hardware sysnifo memory | grep Slab
Slab: 1114856 kB

• Slab memory is responsible for caching kernel frequently used objects. To view these objects:

diagnose hardware sysinfo slab
slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
ip6_session 5 5 1472 5 2 : tunables 24 12 0 : slabdata 1 1 0
tcp_session 3 5 1600 5 2 : tunables 24 12 0 : slabdata 1 1 0
ip_session 15 15 1408 5 2 : tunables 24 12 0 : slabdata 3 3 0
ext4_groupinfo_4k 144 168 144 28 1 : tunables 120 60 0 : slabdata 6 6 0
ip6_mrt_cache 0 0 448 9 1 : tunables 54 27 0 : slabdata 0 0 0
RAWv6 6 7 1152 7 2 : tunables 24 12 0 : slabdata 1 1 0
UDPv6 14 15 1408 5 2 : tunables 24 12 0 : slabdata 3 3 0
tw_sock_TCPv6 0 0 248 16 1 : tunables 120 60 0 : slabdata 0 0 0
request_sock_TCPv6 0 0 312 13 1 : tunables 54 27 0 : slabdata 0 0 0
TCPv6 48 48 2304 3 2 : tunables 24 12 0 : slabdata 16 16 0
qat_crypto_request_cache 30 32 128 32 1 : tunables 120 60 0 : slabdata 1 1 0
scsi_sense_cache 2 32 128 32 1 : tunables 120 60 0 : slabdata 1 1 0
.......................................................................

• Main columns in the above list are:

active_objs:The number of objects that are currently active (i.e., in use).
num_objs: The total number of allocated objects (i.e., objects that are both in use and not in use).
objsize: The size of objects in this slab, in bytes.
objperslab:The number of objects stored in each slab.
pagesperslab: The number of pages allocated for each slab.

• Alternatively, the command below can vie wthe same information:

fnsysctl cat /proc/slabinfo

• Collecting these information multiple times over a long enough interval may provide a good enough sample to troubleshoot when contacting TAC support or even identifying a process that should not be frequently used.

Note:

The above debugs need to be also collected from the time system is stable for the comparison.